Time Travel Debugging

Introduction

Time Travel Debugging is a Microsoft tool for recording program execution on Windows, much like rr. You can replay the trace in a debugger and step forwards and backwards through the recording.

Recording a trace is very, very slow. A full browser startup can take multiple minutes and trace files can grow into the gigabytes. (TTD takes a very different approach from rr, with heavyweight instrumentation. This means multiple threads can run in parallel during recording, unlike rr.) Replay speed is reasonable. And yes, you can set memory access breakpoints!

Known Issues

Crash when recording JIT code

WinDbg versions 1.0.16.0 and earlier have a bug that results in a crash when recording Spidermonkey's JIT code. It should be fixed in the next WinDbg release, due Any Day Now. In the meantime you can work around the bug in any of these ways:

• Apply https://hg.mozilla.org/try/rev/b1ceb5a9a7f1071f9f710f9e9ba5bae14e696fa2
• Disable all JIT prefs (baseline, ion, regex, ...?)
• Run with --safe-mode to disable all JITs

Installation

Time Travel Debugging is a built-in feature of the new WinDbg Preview in the Microsoft Store on Windows 10: https://aka.ms/WinDbgPreview

Recording a trace

From the WinDbg GUI

• Launch Windbg Preview with Administrator privileges (required)
• From the File menu choose "Launch Executable (Advanced)"
• Select the path to your program, arguments, etc.
• Check the box for "Record process with Time Travel Debugging"
• Click OK

You can also attach TTD to a running process from the File menu.

I haven't found a way to include child processes in the recording through the GUI. For that, use the command line:

From the command line

• First find whatever cryptic path TTD got installed to. Mine was at C:\Program Files\WindowsApps\Microsoft.WinDbg_1.0.16.0_x86__8wekyb3d8bbwe\amd64\TTD. I copied those files to C:\TTD for convenience.
• Open a command prompt with Administrator priviliges (required)
• Run: path\to\TTD.exe -children path\to\firefox.exe -no-remote -profile ...

The -children flag is optional and includes child processes in the recording.

Trace files and indexes

After recording you'll get a trace file (.run) for each process, anywhere from several hundred megabytes to gigabytes in size. Opening a trace for the first time will generate an index file (.idx) which will be about twice the size of the .run file. You can safely delete .idx files and regenerate them later. Traces can be replayed on a different machine.

Replaying a trace

Opening a .run file will bring up the trace in the new WinDbg. You can use all WinDbg commands from previous versions, as well as the new reverse-execution commands:

• t- (reverse step-into)
• p- (reverse step-over)
• g- (reverse execute)

There are GUI buttons for these commands as well.

Each time you step, you'll get a clickable timestamp within the trace, useful for jumping back and forth to different points of the recording.

See http://dblohm7.ca/pmo/windbgcheatsheet.html for an introduction to WinDbg commands.